tests/krb5: Refactor claims tests to use get_target()

This simplifies the code for getting the credentials of the target service. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Joseph Sutton <josephsutton@catalyst.net.nz> 2023-01-11 14:17:53 +1300
committer: Andrew Bartlett <abartlet@samba.org> 2023-03-03 01:07:36 +0000
commit: 9bec86229fdcae92e14baff02e0b59cf82591ceb (patch)
tree: 5415b7a160babcd96fba12869abf3a9943840c28 /python
parent: 49605b5e89a1fd0c7c61fda403d6cd697f8ef576 (diff)
download: samba-9bec86229fdcae92e14baff02e0b59cf82591ceb.tar.gz
samba-9bec86229fdcae92e14baff02e0b59cf82591ceb.tar.bz2
samba-9bec86229fdcae92e14baff02e0b59cf82591ceb.zip
2 files changed, 12 insertions, 44 deletions
diff --git a/python/samba/tests/krb5/claims_tests.py b/python/samba/tests/krb5/claims_tests.py
index 9ca87d6b189..c8464b10331 100755
--- a/python/samba/tests/krb5/claims_tests.py
+++ b/python/samba/tests/krb5/claims_tests.py
@@ -303,10 +303,7 @@ class ClaimsTests(KDCBaseTest):
 
         if to_krbtgt:
             target_creds = self.get_krbtgt_creds()
-            srealm = target_creds.get_realm()
-            sname = self.PrincipalName_create(
-                name_type=NT_SRV_INST,
-                names=[target_creds.get_username(), srealm])
+            sname = self.get_krbtgt_sname()
         else:
             target_creds = self.get_service_creds()
             sname = None
@@ -349,25 +346,10 @@ class ClaimsTests(KDCBaseTest):
                                 b'tgsarmor')
         armor_key = Krb5EncryptionKey(armor_key, None)
 
-        if to_krbtgt:
-            target_creds = self.get_krbtgt_creds()
-
-            srealm = target_creds.get_realm()
-            sname = self.PrincipalName_create(
-                name_type=NT_SRV_INST,
-                names=[target_creds.get_username(), srealm])
-        else:
-            target_enctypes = security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED
-            target_creds = self.get_cached_creds(
-                account_type=self.AccountType.COMPUTER,
-                opts={
-                    'supported_enctypes': target_enctypes,
-                })
-
-            srealm = target_creds.get_realm()
-            sname = self.PrincipalName_create(
-                name_type=NT_PRINCIPAL,
-                names=['host', target_creds.get_username()[:-1]])
+        target_creds, sname = self.get_target(
+            to_krbtgt,
+            extra_enctypes=security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED)
+        srealm = target_creds.get_realm()
 
         decryption_key = self.TicketDecryptionKey_from_creds(
             target_creds)
@@ -473,25 +455,10 @@ class ClaimsTests(KDCBaseTest):
                                 b'tgsarmor')
         armor_key = Krb5EncryptionKey(armor_key, None)
 
-        if to_krbtgt:
-            target_creds = self.get_krbtgt_creds()
-
-            srealm = target_creds.get_realm()
-            sname = self.PrincipalName_create(
-                name_type=NT_SRV_INST,
-                names=[target_creds.get_username(), srealm])
-        else:
-            target_enctypes = security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED
-            target_creds = self.get_cached_creds(
-                account_type=self.AccountType.COMPUTER,
-                opts={
-                    'supported_enctypes': target_enctypes,
-                })
-
-            srealm = target_creds.get_realm()
-            sname = self.PrincipalName_create(
-                name_type=NT_PRINCIPAL,
-                names=['host', target_creds.get_username()[:-1]])
+        target_creds, sname = self.get_target(
+            to_krbtgt,
+            extra_enctypes=security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED)
+        srealm = target_creds.get_realm()
 
         decryption_key = self.TicketDecryptionKey_from_creds(
             target_creds)
diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
index 2dec5c8bde4..fee2922241e 100644
--- a/python/samba/tests/krb5/kdc_base_test.py
+++ b/python/samba/tests/krb5/kdc_base_test.py
@@ -1475,7 +1475,7 @@ class KDCBaseTest(RawKerberosTest):
     # Get the credentials and server principal name of either the krbtgt, or a
     # specially created account, with resource SID compression either supported
     # or unsupported.
-    def get_target(self, to_krbtgt, compression):
+    def get_target(self, to_krbtgt, compression=None, extra_enctypes=0):
         if to_krbtgt:
             self.assertIsNone(compression,
                               "it's no good specifying compression support "
@@ -1488,7 +1488,8 @@ class KDCBaseTest(RawKerberosTest):
                 opts={
                     'supported_enctypes':
                         security.KERB_ENCTYPE_RC4_HMAC_MD5 |
-                        security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+                        security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 |
+                        extra_enctypes,
                     'sid_compression_support': compression,
                 })
             target_name = creds.get_username()
author	Joseph Sutton <josephsutton@catalyst.net.nz>	2023-01-11 14:17:53 +1300
committer	Andrew Bartlett <abartlet@samba.org>	2023-03-03 01:07:36 +0000
commit	9bec86229fdcae92e14baff02e0b59cf82591ceb (patch)
tree	5415b7a160babcd96fba12869abf3a9943840c28 /python
parent	49605b5e89a1fd0c7c61fda403d6cd697f8ef576 (diff)
download	samba-9bec86229fdcae92e14baff02e0b59cf82591ceb.tar.gz samba-9bec86229fdcae92e14baff02e0b59cf82591ceb.tar.bz2 samba-9bec86229fdcae92e14baff02e0b59cf82591ceb.zip